From a0d335ff39c4280456b293fb83582d7a0cc6b939 Mon Sep 17 00:00:00 2001
From: c0bw3b <c0bw3b@users.noreply.github.com>
Date: Sun, 17 Nov 2019 21:43:52 +0100
Subject: [PATCH] jasper: mark as vulnerable

Many memory issues remain unfixed or partially fixed:
CVE-2018-18873 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541
CVE-2018-9252 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570
CVE-2018-20584 CVE-2018-20622 CVE-2018-9252

Debian/Ubuntu, OpenSuSE and Gentoo removed it entirely. See:
https://github.com/mdadams/jasper/issues/208
---
 pkgs/development/libraries/jasper/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix
index 1bad3394b6acc..093fd0c5f28ac 100644
--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@@ -42,5 +42,10 @@ stdenv.mkDerivation rec {
     platforms = platforms.unix;
     license = licenses.jasper;
     maintainers = with maintainers; [ pSub ];
+    knownVulnerabilities = [
+      "Numerous CVE unsolved upstream"
+      "See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499"
+      "See: https://github.com/mdadams/jasper/issues/208"
+    ];
   };
 }